2008 R2 64bit
I am in the process of defining a GPO on the default Domain controllers policy and I had enabled the following for audits:
1) Audit Logon Events (S/F) = Success and Failure
2) Account Management
3) Directory Service Access
4) Policy Change
I used best practice from MS to set the Max size for application, security and systems to 4194240 kb.
Now moving to the Retain and Retention, can anyone guide me on what would be best definied. I want to have the event there at least up to 90 days.